Class: RuboCop::Cop::Security::CompoundHash

Inherits:

Base

• Object
• Base
• RuboCop::Cop::Security::CompoundHash

Defined in:

lib/rubocop/cop/security/compound_hash.rb

Overview

Checks for implementations of the ‘hash` method which combine values using custom logic instead of delegating to `Array#hash`.

Manually combining hashes is error prone and hard to follow, especially when there are many values. Poor implementations may also introduce performance or security concerns if they are prone to collisions. Delegating to ‘Array#hash` is clearer and safer, although it might be slower depending on the use case.

Examples:

# bad
def hash
  @foo ^ @bar
end

# good
def hash
  [@foo, @bar].hash
end

Constant Summary

COMBINATOR_IN_HASH_MSG =

'Use `[...].hash` instead of combining hash values manually.'

MONUPLE_HASH_MSG =

'Delegate hash directly without wrapping in an array when only using a single value.'

REDUNDANT_HASH_MSG =

'Calling .hash on elements of a hashed array is redundant.'

Constants inherited from Base

Base::RESTRICT_ON_SEND

Instance Attribute Summary

Attributes inherited from Base

#config, #processed_source

Instance Method Summary

• #bad_hash_combinator?(node) ⇒ Object
• #contained_in_hash_method?(node, &block) ⇒ Boolean
• #dynamic_hash_method_definition?(node) ⇒ Object
• #hash_method_definition?(node) ⇒ Object
• #monuple_hash?(node) ⇒ Object
• #on_send(node) ⇒ Object (also: #on_op_asgn)
• #outer_bad_hash_combinator?(node) ⇒ Boolean
• #redundant_hash?(node) ⇒ Object
• #static_hash_method_definition?(node) ⇒ Object

Methods inherited from Base

#active_support_extensions_enabled?, #add_global_offense, #add_offense, #always_autocorrect?, autocorrect_incompatible_with, badge, #begin_investigation, #callbacks_needed, callbacks_needed, #config_to_allow_offenses, #config_to_allow_offenses=, #contextual_autocorrect?, #cop_config, cop_name, #cop_name, department, documentation_url, exclude_from_registry, #excluded_file?, #external_dependency_checksum, inherited, #initialize, #inspect, joining_forces, lint?, match?, #message, #offenses, #on_investigation_end, #on_new_investigation, #on_other_file, #parse, #parser_engine, #ready, #relevant_file?, requires_gem, #string_literals_frozen_by_default?, support_autocorrect?, support_multiple_source?, #target_rails_version, #target_ruby_version

Methods included from ExcludeLimit

#exclude_limit

Methods included from AutocorrectLogic

#autocorrect?, #autocorrect_enabled?, #autocorrect_requested?, #autocorrect_with_disable_uncorrectable?, #correctable?, #disable_uncorrectable?, #safe_autocorrect?

Methods included from IgnoredNode

#ignore_node, #ignored_node?, #part_of_ignored_node?

Methods included from Util

silence_warnings

Constructor Details

This class inherits a constructor from RuboCop::Cop::Base

Instance Method Details

#bad_hash_combinator?(node) ⇒ Object

# File 'lib/rubocop/cop/security/compound_hash.rb', line 58

def_node_matcher :bad_hash_combinator?, <<~PATTERN
  ({send | op-asgn} _ {:^ | :+ | :* | :|} _)
PATTERN

#contained_in_hash_method?(node, &block) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rubocop/cop/security/compound_hash.rb', line 75

def contained_in_hash_method?(node, &block)
  node.each_ancestor.any? do |ancestor|
    hash_method_definition?(ancestor, &block)
  end
end

#dynamic_hash_method_definition?(node) ⇒ Object

# File 'lib/rubocop/cop/security/compound_hash.rb', line 42

def_node_matcher :dynamic_hash_method_definition?, <<~PATTERN
  (block
    (send _ {:define_method | :define_singleton_method}
      (sym :hash))
    (args)
    _)
PATTERN

#hash_method_definition?(node) ⇒ Object

# File 'lib/rubocop/cop/security/compound_hash.rb', line 37

def_node_matcher :hash_method_definition?, <<~PATTERN
  {#static_hash_method_definition? | #dynamic_hash_method_definition?}
PATTERN

#monuple_hash?(node) ⇒ Object

# File 'lib/rubocop/cop/security/compound_hash.rb', line 63

def_node_matcher :monuple_hash?, <<~PATTERN
  (send (array _) :hash)
PATTERN

#on_send(node) ⇒ Object Also known as: on_op_asgn

# File 'lib/rubocop/cop/security/compound_hash.rb', line 87

def on_send(node)
  outer_bad_hash_combinator?(node) do
    contained_in_hash_method?(node) do
      add_offense(node, message: COMBINATOR_IN_HASH_MSG)
    end
  end

  monuple_hash?(node) do
    add_offense(node, message: MONUPLE_HASH_MSG)
  end

  redundant_hash?(node) do
    add_offense(node, message: REDUNDANT_HASH_MSG)
  end
end

#outer_bad_hash_combinator?(node) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rubocop/cop/security/compound_hash.rb', line 81

def outer_bad_hash_combinator?(node)
  bad_hash_combinator?(node) do
    yield true if node.each_ancestor.none? { |ancestor| bad_hash_combinator?(ancestor) }
  end
end

#redundant_hash?(node) ⇒ Object

# File 'lib/rubocop/cop/security/compound_hash.rb', line 68

def_node_matcher :redundant_hash?, <<~PATTERN
  (
    ^^(send array ... :hash)
    _ :hash
  )
PATTERN

#static_hash_method_definition?(node) ⇒ Object

# File 'lib/rubocop/cop/security/compound_hash.rb', line 51

def_node_matcher :static_hash_method_definition?, <<~PATTERN
  ({def | defs _} :hash
    (args)
    _)
PATTERN